US10033740B2 (Active, Utility) · PatentIndex 50

Inter-application management of user credential data

Assignee: SALESFORCE COM INC
Priority: Apr 12, 2011 · Filed: Jun 29, 2016 · Granted: Jul 24, 2018
Est. expiry: Apr 12, 2031 (~4.8 yrs left), nominal 20-yr term from priority
Inventors: SIMONE JOHN; HOSSAIN FIAZ
CPC: G06F 16/951, G06F 8/20, H04L 63/08, H04L 63/105, G06F 17/30864, G06F 21/41, H04L 63/10, H04L 67/42
PatentIndex Score: 50 · Cited by: 0 · References: 148 · Claims: 19

Abstract

A system and apparatus for enhancing the functionality and utility of an authentication process for web applications is disclosed.

Claims

exact text as granted — not AI-modified
The invention claimed is:

1. A computer-implemented method for providing a software development kit (SDK) for a client web application that performs user authorizations, wherein the SDK has an enhanced set of authorization application program interfaces (APIs), the method comprising:
    providing a resource, with one or more computing devices, to utilize the developer-defined user information for at least authorization, wherein the developer-defined user information comprises at least a user identifier for an on-demand database service; and
    providing, with the one or more computing devices, access to the resource that can either use a cookie, or server-side storage for storing the developer-defined user information, wherein when the cookie is to be used perform user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time a user makes a request, and wherein when using the server-side storage, the hardware computing device is caused to be configured to not write locally to an application memory, but instead to access a shared session cache memory; and
    providing, with the one or more computing devices, the resource to choose between two of security framework configurations, wherein a first configuration utilizes a cookie and a second configuration utilizes server-side storage.

2. The method of claim 1, wherein the security framework comprises a plurality of generic servlet filters and spring security filters.

3. The method of claim 1, wherein the generic servlet filter performs OAuth flow and routes the user to the login page.

4. The method of claim 1, wherein the generic servlet filter is used within servlet-based web applications that operate without using any specific security framework.

5. The method of claim 1, further comprising:
    the generic servlet filter resulting in exactly one of the following outcomes,
    finding a cookie or session containing that user's SecurityContext, so that the user is recognized;
    not finding a cookie or session containing that user's SecurityContext, and sending that user to an authorization resource locator to begin an OAuth handshake; or
    sending a token request to obtain a Session ID, API endpoint, and authentication (refresh) token.

6. The method of claim 1, further comprising:
    facilitating a choice between storing user data in browser cookies or server side sessions, thereby resulting in application instances being completely stateless.

7. The method of claim 1, further comprising:
    during a server side session, not writing locally to an application memory, but instead using a shared session cache, where each of a plurality of servers writes to a specific session cache.

8. The method of claim 1, wherein one of a plurality of guidelines for the developer-defined user information is including data that is needed often, thereby precluding the client application from continually querying for this data.

9. The method of claim 1, further comprising:
    including only frequently looked-up data within the developer-defined user information.

10. The method of claim 1 wherein the developer-defined user information comprises a custom database object to store authorization tokens from one or more social media platforms.

11. The method of claim 1 wherein the developer-defined user information comprises frequently used information from a customer relationship management (CRM) platform.

12. A multi-tenant database system having one or more hardware processors coupled with one or more memory devices, the system comprising:
    a database system to store data in the one or more memory devices for each of multiple tenants;
    an application server communicably coupled to the database system and to a network, the application server to provide network access to the database system for each of the multiple tenants, the application server utilizing a software development kit (SDK) for building client applications that are to be accessible on the application server, the SDK having authorization application program interfaces (APIs); and
    wherein the authorization APIs include at least developer-defined user information comprising at least a user identifier for the multi-tenant database system and providing access to at least two security framework configurations using cookies or using server-side storage, wherein when the cookie is to be used perform user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time a user makes a request, and wherein when using the server-side storage, a hardware computing device is caused to be configured to not write locally to an application memory, but instead to access a shared session cache memory.

13. A non-transitory machine-readable medium carrying one or more sequences of instructions for implementing a method for providing an interface for object relationships having at least a software development kit (SDK) for a client web application that performs user authorizations, wherein the SDK has an enhanced set of authorization application program interfaces (APIs), comprising:
    wherein that enhanced set of APIs including the following;
    providing access to a resource that can either use a cookie, or server-side storage for storing the developer-defined user information, wherein when the cookie is to be used perform user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time a user makes a request, and wherein when using the server-side storage, the hardware computing device is caused to be configured to not write locally to an application memory, but instead to access a shared session cache memory; and
    providing the resource to choose between two of security framework configurations, wherein a first configuration utilizes the cookie and a second configuration utilizes server-side storage.

14. The non-transitory machine-readable medium of claim 13, wherein the security framework comprises a plurality of generic servlet filters and spring security filters.

15. The non-transitory machine-readable medium of claim 13, wherein the generic servlet filter performs OAuth flow and routes the user to the login page.

16. The non-transitory machine-readable medium of claim 13, wherein the generic servlet filter is used within servlet-based web applications that operate without using any specific security framework.

17. The non-transitory machine-readable medium of claim 13, further comprising:
    during a server side session, not writing locally to an application memory, but instead using a shared session cache, where each of a plurality of servers writes to a specific session cache.

18. The non-transitory machine-readable medium of claim 13, wherein one of a plurality of guidelines for the developer-defined user information is including data that is needed often, thereby precluding the client application from continually querying for this data.

19. The non-transitory machine-readable medium of claim 13, further comprising:
    including only frequently looked-up data within the developer-defined user information.
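The generic servlet filter of claims 3 to 5 and the cookie-versus-shared-session-cache choice of claims 1, 6 and 7 can be illustrated in working code. The following is an added example written for this page; it is not code from the patent or from the assignee's SDK. It is in Java because the claims describe servlet filters. Everything below the servlet API is an assumption of the example: the `SecurityContext` field set, the `TokenExchange` and `SecurityContextStore` interfaces, the cookie names `SSK` and `OAUTH_STATE`, the class names, and the `Map` standing in for an external shared cache. The OAuth `state` check and the `HttpOnly`/`Secure` cookie flags are not in the claims either; they are the checks a practitioner would add so that a callback cannot be forged or replayed and the session key cannot be read by page script.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Developer-defined user information; this field set is a hypothetical stand-in for the SDK's SecurityContext.
record SecurityContext(String userId, String apiEndpoint, String sessionId) {}

// The token request of claim 5, outcome 3 (session ID, API endpoint, refresh token); supplied by the
// application, since the exchange itself is provider-specific (hypothetical interface).
interface TokenExchange { SecurityContext redeem(String authorizationCode) throws IOException; }

// One contract for both security framework configurations: where the SecurityContext lives between requests.
// A cookie-backed implementation would carry the context itself in the cookie (and must integrity-protect it);
// the shared-session-cache implementation below is configuration 2 of claim 1.
interface SecurityContextStore {
    Optional<SecurityContext> load(HttpServletRequest req);
    void save(HttpServletResponse resp, SecurityContext ctx);
}

final class Cookies {
    private static final SecureRandom RNG = new SecureRandom();
    static String value(HttpServletRequest req, String name) {
        if (req.getCookies() != null)
            for (Cookie c : req.getCookies()) if (name.equals(c.getName())) return c.getValue();
        return null;
    }
    static Cookie hardened(String name, String value) {
        Cookie c = new Cookie(name, value);
        c.setHttpOnly(true); c.setSecure(true); c.setPath("/");   // unreadable by page script, HTTPS only
        return c;
    }
    static String randomToken() {
        byte[] b = new byte[32]; RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
}

// Configuration 2 (claims 1 and 7): the browser holds only an opaque key; the context lives in a cache shared
// by every server and is never written to local application memory, so any instance can serve the next request.
final class SharedSessionCacheStore implements SecurityContextStore {
    private final Map<String, SecurityContext> sharedCache;   // stand-in for an external, network-shared cache
    SharedSessionCacheStore(Map<String, SecurityContext> sharedCache) { this.sharedCache = sharedCache; }
    public Optional<SecurityContext> load(HttpServletRequest req) {
        String k = Cookies.value(req, "SSK");
        return k == null ? Optional.empty() : Optional.ofNullable(sharedCache.get(k));
    }
    public void save(HttpServletResponse resp, SecurityContext c) {
        String k = Cookies.randomToken();     // unguessable; the key reveals nothing about the user
        sharedCache.put(k, c);
        resp.addCookie(Cookies.hardened("SSK", k));
    }
}

// The generic servlet filter of claim 5: exactly one of three outcomes per request.
public final class OAuthSessionFilter implements Filter {
    private final SecurityContextStore store;
    private final String authorizeUrl;    // the authorization resource locator, configured by the deployment
    private final TokenExchange exchange;
    public OAuthSessionFilter(SecurityContextStore s, String url, TokenExchange x) { store = s; authorizeUrl = url; exchange = x; }
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        Optional<SecurityContext> ctx = store.load(req);
        if (ctx.isPresent()) {                                // outcome 1: context found, user recognized
            req.setAttribute("securityContext", ctx.get());
            chain.doFilter(req, resp);
            return;
        }
        String code = req.getParameter("code");
        if (code != null) {                                   // outcome 3: provider callback, send the token request
            String expected = Cookies.value(req, "OAUTH_STATE");
            if (expected == null || !expected.equals(req.getParameter("state"))) {
                resp.sendError(HttpServletResponse.SC_FORBIDDEN, "state mismatch");   // forged or replayed callback
                return;
            }
            Cookie used = Cookies.hardened("OAUTH_STATE", ""); used.setMaxAge(0); resp.addCookie(used);
            store.save(resp, exchange.redeem(code));
            resp.sendRedirect(req.getRequestURI());           // drop code and state from the URL before serving
            return;
        }
        String state = Cookies.randomToken();                 // outcome 2: nothing found, begin the OAuth handshake
        resp.addCookie(Cookies.hardened("OAUTH_STATE", state));
        resp.sendRedirect(authorizeUrl + (authorizeUrl.contains("?") ? "&" : "?") + "state=" + state);
    }
}
```

The filter is registered like any other servlet filter (in web.xml or through `ServletContext.addFilter`), with `authorizeUrl` set to the provider's authorization endpoint including its usual query parameters, and with the `Map` replaced by a client for whatever cache the deployment shares between servers. Swapping in a cookie-backed `SecurityContextStore` gives configuration 1 without touching the filter; because in that configuration the cookie content is what re-authenticates every request, such a store has to sign or encrypt the payload server-side so a client cannot change the user identifier it carries.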

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.